<?php 
/**
 *
 * @category    API
 * @package     Api_User
 * @subpackage  Model
 * @author      trungpm
 */
class Api_Model_User {
	/* Verify that the UserId is valid, and doesn't already exist.
     * author: trungpm
     */
    function VerifyUserIdExists($UserId, $i, $Errors, $db) {
        if ((strlen($UserId) < 1)) {
            $Errors[$i] = IncorrectUserId;
        }
        $Searchsql = 'SELECT count(userid) as c FROM www_users WHERE userid=N\''.$UserId.'\'';
        $SearchResult = DB_query($Searchsql, $db);
        $answer = DB_fetch_array($SearchResult);
        if ($answer['c'] != 0) {
            $Errors[$i] = UserIdNoAlreadyExists;
        }
        DB_free_result($SearchResult);
        return $Errors;
    }
	
    /* get all security roles
     * author: trungpm
     */
    function GetUserList($user, $password) {
        $Errors = array();
        $db = db($user, $password);
        if (gettype($db) == 'integer') {
            $Errors[0] = NoAuthorisation;
            return $Errors;
        }
        $sql = "SELECT userid,		
					realname,
					phone,
					email,
					salesman,
					branchcode,
					convert(varchar, lastvisitdate, 103) as lastvisitdate,
					fullaccess,
					theme		
				FROM www_users";
        $result = DB_query($sql, $db);
        return $result;
    }
	
	/* Get user by userid.
     * author: trungpm
     */
    function GetUserById($UserId, $user, $password) {
        $db = db($user, $password);
        if (gettype($db) == 'integer') {
            $Errors[0] = NoAuthorisation;
            return $Errors;
        }
        $Errors = $this->VerifyUserIdExists($UserId, sizeof($Errors), $Errors, $db);
        if (sizeof($Errors) == 0) {
            return $Errors;
        }
        $sql = 'SELECT userid,		
					realname,
					phone,
					email,
					salesman,
					branchcode,
					lastvisitdate,
					fullaccess,
					theme,
					blocked		
				FROM www_users WHERE userid=N\''. $UserId . '\'';
        $result = DB_Query($sql, $db);
        if (sizeof($Errors) != 0) {
            $arrResult = DB_fetch_array($result);
            DB_free_result($result);
            return $arrResult;
        } else {
            return $Errors;
        }
    }
	
	/* Update user information.
     * author: trungpm
     */
    function ModifyUser($SelectedUser, $UserDetails, $user, $password) {
        $Errors = array();
        $db = db($user, $password);
        if (gettype($db) == 'integer') {
            $Errors[0] = NoAuthorisation;
            return $Errors;
        }
		foreach ($UserDetails as $key=>$value) {
            $UserDetails[$key] = DB_escape_string($value);
        }
        $Errors = $this->VerifyUserIdExists($SelectedUser, sizeof($Errors), $Errors, $db);
        if (sizeof($Errors) == 0) {
            return $Errors;
        }
        
        $sql = 'UPDATE www_users SET ';
        foreach ($UserDetails as $key=>$value) {
            $sql .= $key.'=N\''.$value.'\', ';
        }
        $sql = substr($sql, 0, -2).' WHERE userid=N\''.$SelectedUser.'\'';
        if (sizeof($Errors) != 0) {
            $result = DB_Query($sql, $db);
            if (!isset($result) || !$result) {
                $Errors[0] = DatabaseUpdateFailed;
            } else {
                $Errors[0] = 0;
            }
        }
        return $Errors;
    }
	
	/* Insert a new user */
    function InsertUser($SelectedUser, $UserDetails, $user, $password) {
        $Errors = array();
        $db = db($user, $password);
        if (gettype($db) == 'integer') {
            $Errors[0] = NoAuthorisation;
            return $Errors;
        }
		foreach ($UserDetails as $key=>$value) {
            $UserDetails[$key] = DB_escape_string($value);
        }
		$Errors = $this->VerifyUserIdExists($SelectedUser, sizeof($Errors), $Errors, $db);
        if (sizeof($Errors) != 0) {
            return $Errors;
        }
		
        $FieldNames = '';
        $FieldValues = '';
        foreach ($UserDetails as $key=>$value) {
            $FieldNames .= $key.', ';
            $FieldValues .= 'N\''.$value.'\', ';
        }
		
        $sql = 'INSERT INTO www_users ('.substr($FieldNames, 0, -2).') '.'VALUES ('.substr($FieldValues, 0, -2).') ';
        if (sizeof($Errors) == 0) {
            $result = DB_Query($sql, $db);
            if (!$result) {
                $Errors[0] = DatabaseInsertFailed;
            }
        }
        return $Errors;
    }
}
?>
